mysql database hacked: <iframe></iframe> appended to a column

My mysql database was hacked another time. The hacker just append an iframe to the title of my post for each entry. The content in the frame seems to be virus. Could anyone help me to avoid this in the future? I tried to use mysql_real_escape_string() for most of my queries, but not all (maybe I should check all files now). If I use mysql_real_escape_string() to all queries, will I be able to avoid this happening again? Is there any way to avoid hacker write iframe into database? Thanks.

You should.
Do you directly pass data from your web page into your mysql without validating data content?
It is hard to say.
A way to prevent data corruption in the database is to limit the possibility that an external user can submit queries directly to your database.

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…

In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…

In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster.
To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment.
To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…